Update 2014-07-10:

Before starting:

We will prefer to work in the new, clean Virtual Machine. My preference goes to XenServer which can run on top of almost any hardware (Configure backups!).

I recommend you give at least 1GB of RAM to your Redmine box.

This tutorial was written for Redmine 2.5.x but it should be compatible with future versions

I didn’t get GitSmartHTTP to work on Ubuntu 14.04 yet because of several issues. If I have time I will continue to investigate the problems. See the Redmine Issue. There is also a patch available if you don’t use anonymous access.

Before anything else, we will make sure that the packages are up to date:

ServerName redmine.domain.com
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName redmine.domain.com
# Enable SSL with Perfect Forward Secrecy
SSLEngine on
SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
SSLCompression off
SSLHonorCipherOrder on
SSLCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA"
SSLCertificateFile /etc/apache2/ssl/redmine.crt
SSLCertificateKeyFile /etc/apache2/ssl/redmine.key
DocumentRoot /opt/redmine/current/public/
## Passenger Configuration
## Details at http://www.modrails.com/documentation/Users%20guide%20Apache.html
PassengerMinInstances 6
PassengerMaxPoolSize 20
RailsBaseURI /
PassengerAppRoot /opt/redmine/current
# Speeds up spawn time tremendously -- if your app is compatible.
# RMagick seems to be incompatible with smart spawning
RailsSpawnMethod smart
# Keep the application instances alive longer. Default is 300 (seconds)
PassengerPoolIdleTime 1000
# Keep the spawners alive, which speeds up spawning a new Application
# listener after a period of inactivity at the expense of memory.
RailsAppSpawnerIdleTime 3600
# Additionally keep a copy of the Rails framework in memory. If you're
# using multiple apps on the same version of Rails, this will speed up
# the creation of new RailsAppSpawners. This isn't necessary if you're
# only running one or 2 applications, or if your applications use
# different versions of Rails.
PassengerMaxPreloaderIdleTime 0
# Just in case you're leaking memory, restart a listener
# after processing 5000 requests
PassengerMaxRequests 5000
# only check for restart.txt et al up to once every 5 seconds,
# instead of once per processed request
PassengerStatThrottleRate 5
# If user switching support is enabled, then Phusion Passenger will by default run the web application as the owner if the file config/environment.rb (for Rails apps) or config.ru (for Rack apps). This option allows you to override that behavior and explicitly set a user to run the web application as, regardless of the ownership of environment.rb/config.ru.
PassengerUser www-data
PassengerGroup www-data
# By default, Phusion Passenger does not start any application instances until said web application is first accessed. The result is that the first visitor of said web application might experience a small delay as Phusion Passenger is starting the web application on demand. If that is undesirable, then this directive can be used to pre-started application instances during Apache startup.
PassengerPreStart https://localhost
<Directory /opt/redmine/current/public/>
Options +Indexes +FollowSymLinks -MultiViews
AllowOverride All
<IfVersion < 2.3 >
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.3>
Require all granted
</IfVersion>
</Directory>
AddOutputFilter DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
ErrorLog ${APACHE_LOG_DIR}/redmine.error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/redmine.access.log combined
ServerSignature Off
</VirtualHost>

155 Comments

Hi Sergio, Good catch! Indeed, the MySQL password doesn’t appear in the Apache configuration file because I was not able to get Git Smart HTTP to work in Ubuntu 14.04. So the Apache configuration is actually correct. I corrected the article, thanks!

Hi Kevin, Good point you make there! Note that you can definitively solve this issue with the following command:echo "source $HOME/.rvm/scripts/rvm" >> ~/.bash_profile I will add it to the tutorial as it could be an issue for people updating. Thanks for the feedback! Cheers,

Passenger should only by using 2.0.0 so I don’t understand why there is mention of 1.9.1 in the backtrace. Check the Passenger ruby configuration and make sure it calls for ruby 2.0.0 from RVM. the line you should have is: PassengerDefaultRuby /home/administrator/.rvm/gems/ruby-2.0.0-p451/wrappers/ruby What do you get when you run: which ruby Also, you could try to run again the bundler installation: gem install bundler Let me know the result of these commands. Cheers

I’m trying to configure redmine on a virtual machine just to test on local host. I can get all the way to the end when I need to reload the apache server the last time. When I do it I get an error: * Reloading web server apache2 * * The apache2 configtest failed. Not doing anything. Output of config test was: AH00526: Syntax error on line 13 of /etc/apache2/sites-enabled/redmine.conf: SSLCertificateFile: file ‘/etc/apache2/ssl/redmine.crt’ does not exist or is empty Action ‘configtest’ failed. The Apache error log may have more information.

I’m pretty new to linux, so whenever I run into an error on guides like this I feel like a fish out of water.

Hi Shali, I think you either forgot to configure Passenger or forgot to enable the passenger configuration. Check the content of /etc/apache2/conf-available/passenger.conf And Check the configuration is enabled: sudo a2enconf passenger Then restart Apache: sudo service restart apache2 Cheers,

This was an amazing tutorial. I really enjoyed how inclusive you were and how you explained what each step was doing. I do have one question though. This setup is a little different than my previous redmine setups (meaning the default file locations and everything are odd to me). When I go through redmine’s plugin tutorial, this setup seems to be out of sync with what’s happening. Do you have any advice on how to use redmine’s plugin generator. Here is the location of redmine’s tutorial that doesn’t work with this setup. http://www.redmine.org/projects/redmine/wiki/Plugin_Tutorial Thanks, and I really did enjoy the tutorial.

Hi Paul, By authentication, do you mean Git/SVN authentication or Redmine’s authentication? You could have a problem with the hostname like David. The VirtualHost configuration bounds Redmine to an hostname. If you have several VirtualHosts and no DNS records to access them, you could have this problem. I’d need to know more:

Hello Supal, It seems you installed the Ubuntu ruby package package . You get the error because you are not using the RVM ruby environment that the tutorial helps to setup. An easy fix should be for you to remove the ruby package: sudo apt-get remove ruby and then re-install Passenger. Cheers!

module passenger_module is already loaded, skipping. You get this message because you are trying to load twice the Passsenger module. It seems your server is a big mess. Maybe you should reinstall from scratch on a fresh OS.

When you create your SSL certificate (OpenSSL command), you are asked to input the Common Name of the certificate. This common name should match the DNS name that you are using to access the server. Read that section again please.

I have followed your tutorial to a T and have the domain set to mine in both files it says ServerName redmine.mydomain.net (as it is a .net). everything is loaded according to Apache and when I go to redmine.mydomain.net it says it cannot find the server. I am at a loss I looked through the guide again to make sure I didn’t miss anything and I have not. Maybe you’ll have a better idea. Let me know if i left out any info!

Hi Paul, I didn’t detail but you should have control the domain you use. In your case, you should have control over mydomain.net domain name, by having it registered by a registrar. Once you have this (I assume you do), you can create a subdomain in you domain administration interface. The said subdomain is a record such as: redmine.mydomain.net A 1.1.1.1 where 1.1.1.1 is your server’s public IP. In case you don’t have a domain or a public IP, you may create a DNS record in your company router to associate your chosen domain to Redmine’s private IP. You should be able to access you Redmine using the server’s IP address if Redmine is the only VirtualHost on the server. Note that you will get a SSL warning when not using the correct DNS name.

I didn’t want to talk into the details of managing the DNS as it is not the subject of the article and that the configuration required will be almost unique to each company according to their setup.

Hi Paul, could you add my Skype (martin.denizet) please? It will be easier because I’m afraid there is a misunderstanding here. Cheers!

Paul Cyrocki July 11, 2014 1:41 am

Sorry, I understand, I guess what I need to do is figure out how to run it as a SubURi because this guide breaks my other site on that network (assuming because of the redirection) Sorry for the confusion. I did not see your message I am EST so we have a bit of a time difference.

Hi John, I will try to keep the answer short and not too technical. HTTPS assumes 2 functions: 1. Encryption of the traffic. (It’s not possible to read the dialog between the server and the client’s browser) 2. Authentication of the server (Make sure that we are really talking the mysite.com server and not a malicious server pretending to be mysite.com)

In the tutorial, I ask to generate a self-signed SSL certificate because it is immediate, free and better than nothing. With it, the traffic is encrypted but the definition of a self-signed certificate is that there is no third party trusted entity (Certificate Authority) to certify that this certificate is indeed trustworthy (It could be a spoof). That’s the message you get.

To fix this you have several options, from what I think is the worst, to what could be the best according to your situation: 1. Get rid of SSL. No more warning but also no more encryption. It’s arguably an option for a local network of trusted computers. 2. Accept the self signed-certificate. You can install in in your Windows certificate store or in your browser (simple in Firefox). That’s a quick-fix if you are just a couple of users. 2.bis If you are using Active Directory to manage your computers: Create a new certificate with a signing request and make your Active Directory sign the request. If you computers are domain members, the certificate will appear valid to them, if not, c’est would need to add the AD CA public key to their certificate store. This option can be convenient for a company because it keeps the control of the certificate validation in the AD. If you want to do that ask me, I will write an article about it. 3. Get a free SSL certificate. Yep, free and valid, with simple validation. You can check StartSSL: https://www.startssl.com/ 4. Purchase a certificate with extended validation (EV). It’s a bit over the top. These certificate are mostly for sites like e-commerce with public users needing trust.

Thanks for the help Martin. I actually have Active Directory set up at my location, and they have a .crt and .key file that I can use. I placed that .crt and .key file that they are using on other servers in the /etc/apache2/ssl folder and named them redmine.crt and redmine.key and gave them the same permissions as the instructions above show. It still is showing as an unsafe connection after an apache restart. Thanks again!

I was wondering if I hosed it at the start, I had opened a second shell as su -i and ran apt-get install curl, I exited out after that and ran sudo each time but several commands never asked for a password even though they were sudo.

It’s just a virtualbox machine so if I need to try again I saved a snapshot before starting. practice, practice, practice…

Hi Rob, You did put the redmine.conf and redmine-redirect.conf in the /etc/apache2/conf-available directory instead of /etc/apache2/sites-available. I don’t know if it’s the source of your problems but it matters because the configuration is loaded before the sites. I suggest you to move these 2 files over to /etc/apache2/sites-available and then run:sudo a2ensite redmine redmine-redirect Be careful, you did a typo copying the commands I asked you. You replaced the dash by a underscore.

I followed your write up, and I firstly want to say you deserve a paycheck for this one! It has been the first write on this topic that has had very minimal (easily fixable) issues.

I am having one slight issue that I hope you can help me fix. When attempting to go to the address (redmine.site) (site = amazon ec2 instance public address) it did not work, so I did what you said, and still no go. So then I followed your comment above and edited the file, restarted the apache2 server and then attemped to go to site/redmine and that gives me a 404 error.

Thank you for your comment, it’s always great to get positive feedback! Regarding your issue I suggest you to check the following things:

ls -la /etc/apache2/sites-enabled, to check the sites enabled in Apache2. It should be redmine-redirect.vhost and redmine.vhost

Servers’ firewall, maybe incoming connections on port 443 are not allowed in iptables or they need to be allowed in the EC2 instance manager (I don’t have experience with EC2 so I’m not sure how their system works)

From you comment, I feel like there could be a misunderstand on the URL to use. The URL you should connect to is https://domain.tld/, there is no /redmine to add.

Hi Martin, When I try to run the second step of the CRM light plugin install, I’m getting these errors, I did look through the CRM forum but did not see anyone else with these type of errors, hope I’m not bothering you in the wrong place but if you have a preference on how to setup the permissions to fix this, it sure would be appriciated..

Rails Error: Unable to access log file. Please ensure that /opt/redmine/current/log/production.log exists and is chmod 0666. The log level has been raised to WARN and the output directed to STDERR until the problem is fixed. rake aborted!

Hi Rob, Good catch there, the permissions are not correct in my article to allow installing a plugin that generates log entries or assets. For it to work, you would have to switch as www-data or sudo which is not very practical. Alternatively, you could become member of the www-data group, with few permission tweaks it would work. Here is the practical fix:cd /opt/redmine/current sudo chmod 0775 log sudo chmod -R 0665 log/*.log sudo chown -R www-data:$USER files log tmp public/plugin_assets sudo chmod -R 0775 public/plugin_assets I took the info for permissions from redmine.org, I didn’t see there was a problem because there is no problem when you run the command as root. Thanks for the feedback and sorry for the time you spent on this error! Let me know if your problem is solved. I update the article immediately.

Hi Murad, Thanks for the feedback! For git with SSH on Redmine, I don’t have much experience as I mostly worked with Git Smart Http. However it seems that the popular option is This Gitolite plugin: http://www.redmine.org/plugins/redmine_git_hosting I hope to hear from you if you try it ;). Cheers!

I was trying to test redmine locally, and the tutorial was right for me. The only part where I get lost, was on setting my domain (“Common Name” and “Server Name”) because my almost zero experience on this field. Finally setting both to “localhost” made me availabe to access redmine through “https://localhost”.

Hi Santiago, Thank you for your feedback! I actually hesitated to include the SSL instructions. After some thinking I decided that I should include them as I’am aiming to describe how to install a production instance. Do you have a suggestion to improve that part? Cheers,

While i was searching for bugfix, i realized that passenger module didn’t installed properly. I remembered apache module installer recommended to fix ‘home/preserveusr’ path’s permissions but i didn’t fix it.

Then i revert all the changes, i read your article and applied all steps more carefully. And it works now!

Thank you very much for this excellent article, and thank you for your help.

To Configure Google apps email: In the end it turned out that you can’t have both tls: true and enable_starttls_auto: true in your settings, so you need to comment tls: true setting and your redmine will be able to send email messages via Google’s SMTP. Hope this will be helpful to someone.

I have fixed that… now I have a question ..as e mail server for delivery and receiving method I need to use gmail so as redmine.domain server what I need to change ??? 😀 I’m new with this and I have finishing project at school Redmine..please help 😀

after I did everything I couldn’t restart apache i get ” apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message” can you help me with this … I didi e-mail configuration as you said 😀 but still I don’t know if is it working because as I can see I haven’t cofigurate well apache with redimine

Hi Martin, First of all your tutorial is great for starters thanks for sharing that. But my redmine.domain.com only shows apache default page and I couldn’t change it so if you help me out this I will appreciate it.

Hi , First thanks for your tutorial . It is working fine on my local server and my local network But now I install on AWS server here local ip and static IP are different, like local IP:192.168.0.105 static IP: 67.44.12.88 so can you help to define /etc/apache2/sites-available/redmine-redirect.conf and /etc/apache2/sites-available/redmine.conf files paramter like ServerName

Hi Yogesh, Thanks for the feedback. You can set your ServerName to your public IP. Or better, to you DNS name if you have one. Note than you can also use ServerAlias if you have several ways to address your server. Make sure you allow through ports 80 and 443. Cheers,

You post was excellent. Not sure if you can help I have installed postfix to send email but I get this error: An error occurred while sending mail (getaddrinfo: Name or service not known) not sure what the issue is. I have checked the config in the configuration.yml file with now luck. Any suggestions would be appreciated.

thank you for this great looking article. I\’m not going to test it now but my first question is, how is the best practice to update all tools above to the last stable version? It\’s not about like a standard \”apt-get update && apt-get upgrade\”-procedure 🙂

Hello Axel, Thank you for your comment. I want to do an article about this for a while. I give you the headlines of how I update an instance installed following my tutorial (note that I’m not using an apt package for either Redmine or Ruby):

cd to redmine’s route and check which branch is used (becaused I install with SVN): svn info

To update in the same branch I would use svn update to switch branch I’d use svn switch URL_OF_NEWEST_STABLE_BRANCH

bundle install && bundle update

RAILS_ENV=production bundle exec rake db:migrate

sudo service apache2 restart

From memory, that should be it! Note that that some plugins you use might become incompatible and it’s a good idea to check for updates. Also possible you want to update Ruby to latest compatible but I leave it Google, according to how you installed Ruby it will vary a lot.

To 1: i see, Redmine 2.x doesn’t support Ruby 2.2 To Ruby: so, i would install it like your charming article!? How is the way to update your way? Roughly so with curl: curl -sSL https://get.rvm.io | bash -s stable –ruby=2.2.0 to cover 2.0.0?

thank you for this great looking article. I’m not going to test it now but my first question is, how is the best practice to update all tools above to the last stable version? It’s not about like a standard “apt-get update && apt-get upgrade”-procedure 🙂

The installation I made with your tutorial works really well. But, the thing I need is to have redmine only accessible from a subdirecetory named “redmine”. I just need redmine uses “mydomain.com/redmine” as base URL for all links and ressources.

I have some problem with my setup. I get Server not found in the browser. I hace checked redmine.error.log: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) (it is a warn)

I used the following url redmine.xyz.sytes.net where the xyz.sytes.net is registered as dynamic DNS. The xyz.sytes.net shows the default apache page but the one with redmine doesn\’t work unfortunately.

I’m pretty sure you get this warning because you use a self-signed certificate. You can request a valid one signed by a third-party CA for free from http://www.startssl.com/ for example. Also, if you are in a Active Directory , you can get your certificated signed by AD.

Many thanks for this well- written tutorial, I have a question, thsough. Is git “smart https” access supposed to work in this config? I see nothing about it in redmine.conf. Should I integrate with Your other walkthrougs?

Thanks for tutorial. I have installed Redmine to Hyper-V virtual machine successfully with your tutorial. But sometimes, i am getting Internal Server Error. If i restart apache server, redmine is running well again.

When i look at log files, i saw this error: \”ActionView::Template::Error (cannot load such file — tzinfo/definitions/Europe/Dublin):\”–>timezone part maybe different for other users.

Having a weird issue with using Redmine in a sub URI. The redmine.conf has the RailsBaseURI /redmine setup and saved. The http://website/redmine works for a couple of days it then makes the http://website/redmine not available and it can only be accessed via http://website. The only way to fix it is to restart Apache2, it then goes back to http://website/redmine. Below is the configuration currently running. Wondering if anyone has encountered a similar problem.

# Keep the spawners alive, which speeds up spawning a new Application # listener after a period of inactivity at the expense of memory. RailsAppSpawnerIdleTime 3600

# Additionally keep a copy of the Rails framework in memory. If you\’re # using multiple apps on the same version of Rails, this will speed up # the creation of new RailsAppSpawners. This isn\’t necessary if you\’re # only running one or 2 applications, or if your applications use # different versions of Rails. PassengerMaxPreloaderIdleTime 0

# only check for restart.txt et al up to once every 5 seconds, # instead of once per processed request PassengerStatThrottleRate 5

# If user switching support is enabled, then Phusion Passenger will by default run the web application as the owner if the file config/environment.rb (for Rails apps) or config.ru (for Rack apps). This option allows you to override that behavior and explicitly set a user to run the web application as, regardless of the ownership of environment.rb/config.ru. PassengerUser www-data PassengerGroup www-data

# By default, Phusion Passenger does not start any application instances until said web application is first accessed. The result is that the first visitor of said web application might experience a small delay as Phusion Passenger is starting the web application on demand. If that is undesirable, then this directive can be used to pre-started application instances during Apache startup. PassengerPreStart http://127.0.0.1:80/redmine

Options +Indexes +FollowSymLinks -MultiViews AllowOverride All <IfVersion Order allow,deny Allow from all

On the 2nd step I get an error that says it will not download: \”GPG signature verification failed for /home/User/.rvm/achives/blah blah… I used this command to fix it: (gpg –keyserver hkp://keys.gnupg.net –recv-keys BF04FF17) (no parenthesis) The end of this command may be different for others. It is the characters after RSA key ID.

Any idea why I get error when running passenger-install-module-apache2-install. It runs up to point where it gives me the passenger config file to use in apache. It complains that there is somethign wrong with configuration. Have checked typos etc and all is correct

Hello Elhan, It seems it expects you to install the new configuration when it displays it. After that, it checks that you configured Apache correctly. You can ignore the warning and configure Apache after the install script is completed. If Redmine starts you did everything correctly! Cheers,